Last week, Matthew Schwartz of InformationWeek wrote an article, Schwartz On Security: Zombie Internet Kill Switch . In the article, Matthew highlights a report from Unisys finding that nearly two-thirds of 1,000 people surveyed support the concept of an Internet kill switch. The survey results are based on the following question: “If there were clear evidence of a malicious cyber-security attack by a foreign government against our military, civilian government, electrical grid, financial systems or other critical infrastructure, should the President have the authority to take control of or effectively shut down portions of the Internet to mitigate a crisis?”
Despite the 61% who said yes, Matthew’s argument is that it’s a flawed question and that surgically disabling crucial parts of the Internet is folly no matter the powers supposedly bestowed by legislators.
Here’s my take: This is a complex problem. In the absence of a revised legal framework to protect the business interests of ISPs whose actions could raise the ire of intellectual property (IP) owners and privacy advocates, the Internet “kill switch” is, currently, the only weapon available to mitigate a cyber-attack. Given that offending powerful intellectual property rights owners or the ACLU provides an express track to political demise, little else of value has been suggested. See my reaction to the initial cyber-security legislation proposed this summer: CyberSecurity Legislation is a Good First Step.
My opinion is that ISPs should be provided with a safe-harbor exception from liability so that they can provide so-called “clean pipes” to Internet peer points. In effect, the ISPs should be able to monitor the traffic on their network for botnets and other hostile activity and disconnect these systems as a matter of daily business activity. The technology exists to automate the detection and disablement of these types of systems, but the legal framework does not.
I have never found the Federal Government to act with a nefarious purpose. I do see a legislature and bureaucracy that are both pragmatic and cognizant of the stalemate that currently exists, trying all avenues to secure the citizenship while steering clear of legal land mines and lobbyist pressure. The problem really should be solved through a series of minor tweaks to the privacy laws and safe-harbor statutes of the law, but unfortunately we may be forced to a more draconian solution as a matter of political practicality.
If you like this article please follow us on Twitter: @liebsoft.